Actually I'll third that opinion... I would leave credit card number storing/authorization up to the company that you process credit cards with - i.e. authorize.net, cybersource, etc.
They have interfaces already created where your client can view credit card transactions, refund, charge, etc.
There's no reason to put your company at risk by storing sensitive information if you don't have to (and possibly subjecting that information to hackers, in the case your server is compromised) - that's the job of the companies that process this information routinely.
As someone who regularly shops online, I am reassured when a company asks me to re-supply my CC information if there was a glitch or whatnot, since they don't store it.